Re: Updated to High Sierra, all Admin accounts now Standard

I am hoping someone might know how to fix this - after updating to High Sierra, the two admin accounts on this machine are all of a sudden standard accounts. There is no admin account at all, which means I can't seemingly fix this problem because there is no admin I can log into. Any changes to the system or software installs I try to do that require admin approval, I have no way to grant it. And no way to create a new admin user without an existing.

I've looked up a couple of ways around this, but none have worked so far (example, using the command resetpassword while in recovery mode in terminal - it no longer allows you to select the root - it only shows the two Standard account - no way to create an admin. Also tried "resetting" the setup so I would reboot and have to go through setup again, forcing the system to allow me to create a new user through the setup process, but High Sierra doesn't go through those steps.)

Anyone have any ideas on what to try? There's always wiping the entire system, installing a fresh copy, setting up a detault user, and then importing the old users - but I thought I would see if anyone here could save me some time with some simple commands

Hopefully you'll have resolved it by now but just in case, and for the benefit of anyone else in the same predicament, this is what I did when an install of High Sierra Beta (17A291j) demoted my Admin account to a Standard account, rendering it impossible to install Xcode. Not sure if these steps are what you tried when you mentioned 'resetting' the setup, but at least for me it did allow a new user to be setup.

+ Reboot macOS into Single-User mode by holding down Command-S

+ Remove the file controlling whether the setup process is run by typing: rm /var/db/.AppleSetupDone

+ Reboot by typing: reboot

+ When the setup assistant appears, create a new account called admin (or any name other than the actual account name)

Once this was done I had my previous account (still Standard) and a new admin account. Using System Preferences > Users & Groups I could then elevate the standard account back to admin by ticking 'Allow user to administer this computer'. Alternatively you could leave the account as standard and just use the admin's credentials when prompted for authentication.

Start up the Mac whilst holding down ⌘-S. After a few moments, you'll see the Mac boot to the command line.

Before continuing, the filesystem must be checked and mounted, so files are't immediately accessible to interact with. To do this, enter the two commands that are displayed within the prompt, one at a time.

The following command will check the filesystem to ensure there are no problems. Enter:

/sbin/fsck -fy

The next command will then mount the filesystem for it to be accessible:

/sbin/mount -uw /

With the filesystem mounted and accessible, it's time to remove the file so OS X will re-run Setup Assistant:

rm /var/db/.AppleSetupDone

After that, simply enter reboot and your Mac will restart and boot normally. Only this time, Setup Assistant will launch after you login.

If you're able to log in (hurray, you're the admin now), then head over to System Preferences>Users & Groups and create a new Admin account.

Now restart and login to the new Admin Account (you may need a new Apple Id). Once you're logged into this new Admin Id, you can again proceed to your System Preferences>Users & Groups. Open the Lock Icon with your new Admin ID/Password. Assign "Allow user to administer this computer" to your original Apple ID. Restart.

If you're unable to login at startup using username: root and empty password, then login with your existing account (standard user).

Again, head over to System Preferences>Users & Groups. Click on the Lock Icon. When prompted for username and password, type username: root and leave the password empty. Press enter. This might throw an error, but try again immediately with the same username: root and empty password. This should unlock the Lock Icon. If it does, try Solution 1 next.

Given the nature of the workaround one has to ask why you posted Solution #2 instead of reporting this issue to Apple's bug bounty program.

We're on the Apple developer forums, so understand many would have a hard time believing you're just a normal user even when replying with "Solution 2 worked for me. No idea how or why. Hope this helps."

Who are you and what was your intention on posting a security issue on a public developer forum?

Too bad you have to be part of a secret society to collect bug bounties. I bet stuff like this would happen a lot less if they opened up the wallet and let regular developers make money off discovering these type of things.

More Like This

Retrieving data ...

This site contains user submitted content, comments and opinions and is for informational purposes only. Apple disclaims any and all liability for the acts, omissions and conduct of any third parties in connection with or related to your use of the site. All postings and use of the content on this site are subject to the Apple Developer Forums Participation Agreement.